Add account usage logic (#1567)

--------- Co-authored-by: Yury Gargay <yury.gargay@gmail.com>
2025-08-16 18:11:58 +02:00 · 2024-02-22 12:27:08 +01:00
parent e18bf565a2
commit b7a6cbfaa5
21 changed files with 576 additions and 30 deletions
--- a/management/server/http/middleware/auth_middleware_test.go
+++ b/management/server/http/middleware/auth_middleware_test.go
@ -10,6 +10,7 @@ import (
 	"github.com/golang-jwt/jwt"

 	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/http/middleware/bypass"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )

@ -88,39 +89,68 @@ func mockCheckUserAccessByJWTGroups(claims jwtclaims.AuthorizationClaims) error
 func TestAuthMiddleware_Handler(t *testing.T) {
 	tt := []struct {
 		name               string
+		path               string
 		authHeader         string
 		expectedStatusCode int
+		shouldBypassAuth   bool
 	}{
 		{
 			name:               "Valid PAT Token",
+			path:               "/test",
 			authHeader:         "Token " + PAT,
 			expectedStatusCode: 200,
 		},
 		{
 			name:               "Invalid PAT Token",
+			path:               "/test",
 			authHeader:         "Token " + wrongToken,
 			expectedStatusCode: 401,
 		},
 		{
 			name:               "Fallback to PAT Token",
+			path:               "/test",
 			authHeader:         "Bearer " + PAT,
 			expectedStatusCode: 200,
 		},
 		{
 			name:               "Valid JWT Token",
+			path:               "/test",
 			authHeader:         "Bearer " + JWT,
 			expectedStatusCode: 200,
 		},
 		{
 			name:               "Invalid JWT Token",
+			path:               "/test",
 			authHeader:         "Bearer " + wrongToken,
 			expectedStatusCode: 401,
 		},
 		{
 			name:               "Basic Auth",
+			path:               "/test",
 			authHeader:         "Basic  " + PAT,
 			expectedStatusCode: 401,
 		},
+		{
+			name:               "Webhook Path Bypass",
+			path:               "/webhook",
+			authHeader:         "",
+			expectedStatusCode: 200,
+			shouldBypassAuth:   true,
+		},
+		{
+			name:               "Webhook Path Bypass with Subpath",
+			path:               "/webhook/test",
+			authHeader:         "",
+			expectedStatusCode: 200,
+			shouldBypassAuth:   true,
+		},
+		{
+			name:               "Different Webhook Path",
+			path:               "/webhooktest",
+			authHeader:         "",
+			expectedStatusCode: 401,
+			shouldBypassAuth:   false,
+		},
 	}

 	nextHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -146,7 +176,11 @@ func TestAuthMiddleware_Handler(t *testing.T) {

 	for _, tc := range tt {
 		t.Run(tc.name, func(t *testing.T) {
-			req := httptest.NewRequest("GET", "http://testing", nil)
+			if tc.shouldBypassAuth {
+				bypass.AddBypassPath(tc.path)
+			}
+
+			req := httptest.NewRequest("GET", "http://testing"+tc.path, nil)
 			req.Header.Set("Authorization", tc.authHeader)
 			rec := httptest.NewRecorder()

@ -159,5 +193,4 @@ func TestAuthMiddleware_Handler(t *testing.T) {
 			}
 		})
 	}
-
 }